Botnet gangs collaborate on malware

Summary: The criminal groups behind the Zeus and Avalanche botnets appear to have struck a deal to use each other's infrastructure

Two criminal groups are collaborating to promote malware, according to botnet researcher Jose Nazario.

The anonymous group behind the Avalanche botnet is pushing Zeus, malicious code from another unnamed group, Nazario told ZDNet UK on Wednesday.

"We are seeing Zeus and Avalanche working together to promote growth," Nazario said. "We appear to be seeing one of the groups, Avalanche, promoting Zeus malware."

Nazario, senior researcher for security company Arbor Networks, said the firm had seen the Avalanche botnet spamming out Zeus code. Zeus is a banking Trojan, designed to steal information, whereas the Avalanche botnet is used mainly to host phishing sites.

Nazario said Arbor researchers were surprised when they first saw the two groups working together, but their collaboration made sense.

"It threw us for a loop, confused us for a second," Nazario said. "[But] they don't directly compete, and they both have good market positions, so they can grow each other."

The Zeus botnet is at least tens of thousands of computers strong, Nazario said.

Vincent Hanna, an investigator for anti-spam organisation the Spamhaus Project, told ZDNet UK on Friday that the two groups are using each other's infrastructure on a commercial basis.

"There are people who supply botnets, and there are people who 'rent' capacity on these botnets," Hanna said in an email interview. "We see that the same viruses are emitting mails that benefit [the] different groups, either through spammed URLs or attached malware."

In another novel development, the latest Zeus variant uses Amazon's EC2 cloud computing infrastructure to host its command and control functionality, CA researcher Methusela Cebrian Ferrer wrote in a blog post on Thursday.

"The Zeus bot variant injects code into the system processes (such as svchost.exe) and connects to its cloud-server for configuration of the master for its criminal activity," Ferrer wrote.

The Zeus variant is being spammed out in fake Christmas cards, the researcher added.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
